OpenWrt + Hyprspace: easiest overlay network solution

OpenWrt supports a number of overlay network solutions, the most popular being Tailscale, NetBird, and ZeroTier. Overlay networks are useful if you want to remotely administer your device without exposing it to the public Internet.

There's another really easy overlay network solution if your hardware supports Go: Hyprspace.

Hyprspace doesn't require you to sign up for any service or host your own server components and has excellent NAT-traversal for IoT devices behind a firewall. Here's how to use it:

1. Install Go: opkg update && opkg install golang

2. Download the Hyprspace binary to your OpenWrt device and set it to be executable. On my device the commands were:

wget -O hyprspace https://github.com/alecbcs/hyprspace/releases/download/v0.2.2/hyprspace-v0.2.2-linux-arm64

chmod +x ./hyprspace

3. Initialize it: ./hyprspace init utun0  --config ./hyprspace-config.yaml && chmod 600 ./hyprspace-config.yaml

4. Update the OpenWrt firewall to allow traffic on the new overlay network:

cat >> /etc/config/firewall <<EOF
config  zone
        option  name        'Hyprspace'
        option  input       'ACCEPT'
        option  output      'ACCEPT'
        option  forward     'REJECT'
        option  subnet      '10.1.1.0/24'
EOF

service firewall restart

5. Now configure Hyprspace to run on boot:

sed -i 's/^exit 0$//' /etc/rc.local && echo "sleep 30 && $(pwd)/hyprspace up utun0 --config $(pwd)/hyprspace-config.yaml" >> /etc/rc.local

6. On another machine (which can be on an entirely different network or across the Internet), download and configure Hyprspace. In my scenario, it's an x86_64 machine running Linux:

wget -O hyprspace https://github.com/alecbcs/hyprspace/releases/download/v0.2.2/hyprspace-v0.2.2-linux-amd64

chmod +x ./hyprspace

./hyprspace init utun0  --config ./hyprspace-config.yaml && chmod 600 ./hyprspace-config.yaml

7. Since Hyprspace is a point-to-point VPN, we'll need to edit hyprspace-config.yaml on both machines to tell them about each other.

On my x86_64 machine I edit hyprspace-config.yaml and change the address from the default 10.1.1.1 to 10.1.1.2 (since our OpenWrt will be using 10.1.1.1).

Then you need to update the peers section in both files as explained in the Hyprspace README.

My end result looks like this (OpenWrt machine is on the right):


8. Now save both files and restart the OpenWrt machine.

9. Wait a minute for OpenWrt to finish the reboot, then start Hyprspace on your local computer:

sudo ./hyprspace up utun0 --config ./hyprspace-config.yaml

10. Now you should be able to ping, SSH, SCP, etc. the OpenWrt machine regardless of its location in the world or your local network: ssh root@10.1.1.1

Cool, huh!
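
A pre-flight check for steps 3 and 5, as an added example that is not part of the original post or of Hyprspace itself: because rc.local starts the binary as root at boot, it refuses to proceed unless the config still has the owner-only permissions set in step 3 and the binary is not writable by group or others. The function names, return codes and the /root paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check to run before "hyprspace up" in /etc/rc.local.
# Function names and return codes are this example's own, not part of Hyprspace.

# Type and permission string from "ls -ld", e.g. "-rw-------" (BusyBox-compatible).
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Numeric owner uid from "ls -ldn" (third column).
owner_of() {
    ls -ldn "$1" 2>/dev/null | awk '{print $3}'
}

# Config: regular file (not a symlink), owned by the caller, no group/other bits.
config_is_private() {
    [ "$(owner_of "$1")" = "$(id -u)" ] || return 1
    case "$(mode_of "$1")" in
        -??-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Binary: regular file, owned by the caller, owner-executable,
# and not writable by group or others.
binary_is_safe() {
    [ "$(owner_of "$1")" = "$(id -u)" ] || return 1
    case "$(mode_of "$1")" in
        -??x?-??-?) return 0 ;;
        *) return 1 ;;
    esac
}

# Returns 0 when both checks pass, 2 for a bad binary, 3 for a bad config.
hyprspace_preflight() {
    bin=$1
    cfg=$2
    if ! binary_is_safe "$bin"; then
        echo "preflight: $bin is missing, not executable, or writable by others" >&2
        return 2
    fi
    if ! config_is_private "$cfg"; then
        echo "preflight: $cfg must be a regular file with owner-only permissions" >&2
        return 3
    fi
    return 0
}

# Usage in rc.local (paths are assumptions):
# hyprspace_preflight /root/hyprspace /root/hyprspace-config.yaml && \
#     /root/hyprspace up utun0 --config /root/hyprspace-config.yaml
```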
